Bug ID 83524 -
Has been documented for sites with unsupported cipher suites still not being accessible when configured to not block unsupported cipher suites.
The current work around is to bypass URLs as they come. As of this date 8 Sep 15, this bug still isn't resolved in 7.0.2, though operability with other ciphers might be better the bug isn't officially resolved in 7.0.2.
I asked a Palo Alto representative about this a few months back, and support for TLS_ECDHE_RSA and TLS_DHE_RSA was planned to be implemented sometime in the first half of 2016.
Could be coming in PANOS 8?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!